Rafel RAT Malware Targets 3.9 Billion Android Devices in Global Cyberattack Campaigns
June 25, 2024
Check Point Research has discovered that multiple threat actors, including APT-C-35 / DoNot Team, are utilizing the Rafel RAT malware in around 120 campaigns targeting over 3.9 billion Android devices worldwide.
These campaigns involve various malicious activities such as data theft, espionage, and ransomware attacks, with high-profile organizations, including military groups, being targeted.
Victims were primarily in the US, China, and Indonesia, with most using Samsung phones, followed by devices from Xiaomi, Vivo, and Huawei.
The malware is spread through phishing campaigns in which it is disguised as popular apps like WhatsApp and Instagram. It affects Android devices running unsupported versions, which are left vulnerable to exploitation.
Rafel RAT allows attackers to access device information, intercept notifications, and execute commands such as deleting files, encrypting data, and changing device settings.
It also enables the stealing of contact details for identity theft and social engineering attacks, as well as running ransomware operations by obtaining DeviceAdmin privileges and altering lock-screen passwords.
To protect against these threats, users are advised to only install apps from trusted sources, avoid third-party apps, and regularly check app permissions and reviews.
Adopting a multi-layered approach to mobile security is crucial in safeguarding Android devices from the growing threat of malware attacks.
The Rafel RAT malware poses a significant threat to Android devices, emphasizing the importance of timely updates and security measures to prevent malicious attacks.
Summary based on 8 sources
Sources
Forbes • Jun 20, 2024
Update Now Warning Issued For Millions Of Samsung, Pixel, Xiaomi Users
BleepingComputer • Jun 24, 2024
Rafel RAT targets outdated Android phones in ransomware attacks
BleepingComputer • Jun 21, 2024
Ratel RAT targets outdated Android phones in ransomware attacks
The Hacker News • Jun 24, 2024
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices